Table Of Contents
- Linux OS Details
- File System Structure
- Important File/Directory Descriptions
- /etc/shadow File Format
- /etc/shadow Hash Types
- /etc/passwd File Format
LINUX OS DETAILS
FILE SYSTEM STRUCTURE
| PATH | DESCRIPTION |
|---|---|
| / | Anchor and root of the filesystem |
| /bin | User binaries |
| /boot | Boot-up related files |
| /dev | Interface for system devices |
| /etc | System configuration files |
| /home | Base directory for user files |
| /lib | Critical software libraries |
| /opt | Third party software |
| /proc | System and running programs |
| /root | Home directory of root user |
| /sbin | System administrator binaries |
| /tmp | Temporary files |
| /usr | Contains all the system files; less critical files |
| /var | Variable system files |
IMPORTANT FILE/DIRECTORY DESCRIPTIONS
| FILE/DIRECTORY | DESCRIPTION |
|---|---|
| /etc/shadow | User account information and password hashes |
| /etc/passwd | User account information |
| /etc/group | Group names |
| /etc/rc.d | Startup services (rc0.d-rc6.d) |
| /etc/init.d | Contains startup/stop scripts |
| /etc/hosts | Hardcoded hostname and IP combinations |
| /etc/hostname | Full hostname with domain |
| /etc/network/interfaces or /etc/netplan | Network configuration |
| /etc/profile | System environment variables |
| /etc/apt/sources.list | Debian package source |
| /etc/resolv.conf | DNS configuration |
| /home/<USER>/.bash_history | User Bash history |
| /usr/share/wireshark/manuf | Vendor-MAC lookup (Kali Linux) |
| ~/.ssh/ | SSH keystore |
| /var/log | System log files (most Linux) |
| /var/adm | System log files (Unix) |
| /var/spool/cron | List cron files |
| /var/log/apache2/access.log | Apache connection log |
| /etc/fstab | Contains local and network configured mounts and shares |
/ETC/SHADOW FILE FORMAT
- Note: 9 fields (numbered 1-9) separated by ":"
- Field-1: Login name -- Example: "root:"
- Field-2: Encrypted password -- Example: "$6$RqNi$...PbED0:"
- Field-3: Date of last password change (days since epoch) -- Example: "16520:"
- Field-4: Minimum password age (in days) -- Example: "0:"
- Field-5: Maximum password age (in days) -- Example: "99999:"
- Field-6: Password warning period (in days) -- Example: "7:"
- Field-7: Password inactivity period (in days) -- Example: ":"
- Field-8: Account expiration date (days since epoch) -- Example: ":"
- Field-9: Reserved -- Example: "" (empty)
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |
|---|---|---|---|---|---|---|---|---|
| root: | $6$RqNi$...PbED0: | 16520: | 0: | 99999: | 7: | : | : | |
/ETC/SHADOW HASH TYPES
- Note: /etc/login.defs contains the shadow configuration.
- Note: The first three characters of the hash identify the hash type (the bcrypt prefixes $2a$ and $2y$ are four characters long).
- Example: kryptonite:$6$n4wLdmr59pt.......:18912:0:99999:7:::
| HASH PREFIX (FIRST CHARS OF THE HASH) | HASH TYPE |
|---|---|
| $1$ | MD5 |
| $2a$ | bcrypt |
| $2y$ | bcrypt |
| $5$ | SHA-256 |
| $6$ | SHA-512 |
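Added example (not part of the original cheat sheet): a small audit helper that parses the nine /etc/shadow fields described above, maps field 2 to a hash type using the prefix table, and converts field 3 to a date. The function names, the WEAK policy set, and the sample entries are assumptions made for illustration; the EMPTY and LOCKED cases follow shadow(5).

```python
from datetime import date, timedelta

# Prefix -> hash type, as listed in the table above.
HASH_TYPES = {"$1$": "MD5", "$2a$": "bcrypt", "$2y$": "bcrypt",
              "$5$": "SHA-256", "$6$": "SHA-512"}
WEAK = {"MD5"}  # assumption: the audit policy treats MD5-crypt as too weak
FIELDS = ("login", "password", "last_change", "min_age", "max_age",
          "warn", "inactive", "expire", "reserved")

def parse_shadow_line(line):
    """Split one /etc/shadow line into its nine ':'-separated fields."""
    parts = line.rstrip("\n").split(":")
    if len(parts) != 9:
        raise ValueError(f"expected 9 fields, got {len(parts)}")
    return dict(zip(FIELDS, parts))

def hash_type(password_field):
    """Classify field 2 by its prefix; handle the non-hash cases too."""
    if password_field == "":
        return "EMPTY"    # shadow(5): no password is required to log in
    if password_field[0] in "!*":
        return "LOCKED"   # not a valid hash, so password login is disabled
    for prefix, name in HASH_TYPES.items():
        if password_field.startswith(prefix):
            return name
    return "UNKNOWN"

def last_change_date(entry):
    """Convert field 3 (days since 1970-01-01) to a date, or None if unset."""
    days = entry["last_change"]
    return date(1970, 1, 1) + timedelta(days=int(days)) if days else None

def audit(lines):
    """Return (login, finding) pairs for accounts that need attention."""
    findings = []
    for line in lines:
        entry = parse_shadow_line(line)
        kind = hash_type(entry["password"])
        if kind == "EMPTY":
            findings.append((entry["login"], "empty password field"))
        elif kind in WEAK or kind == "UNKNOWN":
            findings.append((entry["login"], f"hash type {kind}"))
    return findings

# Constructed sample entries (salts and hashes are placeholders, not real).
SAMPLE = ["root:$6$SALT$HASH:16520:0:99999:7:::",
          "legacy:$1$SALT$HASH:18912:0:99999:7:::",
          "svc:*:18912:0:99999:7:::",
          "guest::18912:0:99999:7:::"]
```

Calling audit(SAMPLE) flags the MD5 account and the account with an empty password field; reading the real /etc/shadow requires root.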
/ETC/PASSWD FILE FORMAT
- Note: 7 Fields separated by ":"
- Field-1: Login name -- Example: "root:"
- Field-2: Password (x: password in shadow file, *: user cannot use login) -- Example: "x:"
- Field-3: User ID (UID) root = 0 -- Example: "0:"
- Field-4: Primary Group ID (GID) -- Example: "0:"
- Field-5: Comment Field/User full name -- Example: "Root:"
- Field-6: User’s home directory -- Example: "/root:"
- Field-7: User’s default shell -- Example: "/bin/bash:"
| 1 | 2 | 3 | 4 | 5 | 6 | 7 |
|---|---|---|---|---|---|---|
| root: | x: | 0: | 0: | Root: | /root: | /bin/bash: |